Claims 



1. A generic system for integrating a target application to an authentication system for
authenticating users of the target application, the generic system comprising a server coupled
to a database of configuration information about a login process for the target application, the
server being programmed to access the database of configuration information to conduct the
login process with a user of the target application and to use the authentication system to
authenticate the user and to enable the user to access the target application once the
authentication system has authenticated the user, the generic system further including an
administrative application for permitting a system administrator to create and edit the
configuration information.

2. The generic system as claimed in claim 1, wherein the authentication system is a
centralized authentication system of a business organization, and the target application is in a
third-party web server coupled by a network to the centralized authentication system.

3. The generic system as claimed in claim 1, wherein the server is programmed to
issue at least one token to enable the user to access the target application once the
authentication system has authenticated the user.

4. The generic system as claimed in claim 1, wherein a data network couples the target
application to the server, the server is programmed to receive a Uniform Resource Locator
including an identification of the target application, and the server is further programmed to
use the identification of the target application for looking up the configuration information
from the database.

5. The generic system as claimed in claim 1, wherein the server is programmed to obtain
from the database configuration information defining an inbound parameter, and the server is
programmed to receive the inbound parameter from the target application.

6. The generic system as claimed in claim 1, wherein the server is programmed to obtain
from the database configuration information defining a natural language, and the server is
programmed to use the natural language for communication with the user during the login
process.

7. The generic system as claimed in claim 1, wherein the server is programmed to obtain
from the database configuration information defining an outbound parameter, and the server
is programmed to send the outbound parameter to the target application once the
authentication system has authenticated the user.

8. The generic system as claimed in claim 1, wherein the administrative application is
programmed to present a graphical user interface to the system administrator for creating and
editing the configuration information, and the graphical user interface includes pages for
listing active and inactive target applications integrated with the authentication system, and
pages for creating and editing a selected one of the target applications.


9. The generic system as claimed in claim 1, wherein the administrative application is
programmed to present a graphical user interface to the system administrator for creating and
editing the configuration information, and the graphical user interface includes pages for
selecting a natural language for conducting the login process, for specifying inbound
parameters to be received from the target application and outbound parameters to be sent to
the target application, for configuring at least one authorization setting, for configuring at
least one token, and for selecting an encryption option for encrypting the token.

10. The generic system as claimed in claim 9, wherein the graphical user interface
includes at least one page for exporting and importing authentication integration projects.

11. The generic system as claimed in claim 1, wherein the administrative application is
programmed to present a graphical user interface to the system administrator for creating and
editing the configuration information, the administrative application includes a series of
action modules for presenting respective pages of the graphical user interface to the system
administrator, and the action modules are programmed for invoking business logic.

12. The generic system as claimed in claim 1, wherein the server includes a data cache 
coupled to the database. 

13. The generic system as claimed in claim 1, wherein the server is programmed with a
plurality of authentication modules for integrating respective target applications to the
authentication system, and the server is programmed with an authentication module
controller for directing user login requests to the respective authentication modules.



14. A generic token-based system for integrating a target application on a first server to
an authentication system for authenticating users of the target application, the generic system
comprising a second server coupled to a database of configuration information about a login
process for the target application, the second server being programmed to access the database
of configuration information to conduct the login process with a user of the target application
and to use the authentication system to authenticate the user and to issue at least one token to
enable the user to access the target application once the authentication system authenticates
the user, wherein the second server is programmed to receive a Uniform Resource Locator
including an identification of the target application, and the second server is further
programmed to use the identification of the target application for looking up the
configuration information for the login process from the database.

15. The generic system as claimed in claim 14, wherein the second server is programmed 
to obtain from the database configuration information defining an inbound parameter, and the 
second server is programmed to receive the inbound parameter from the target application. 

16. The generic system as claimed in claim 14, wherein the second server is programmed
to obtain from the database configuration information defining a natural language, and the
second server is programmed to use the natural language for communication with the user
during the login process.

17. The generic system as claimed in claim 14, wherein the second server is programmed
to obtain from the database configuration information defining an outbound parameter, and
the second server is programmed to send the outbound parameter to the target application
once the authentication system has authenticated the user.

18. A method of integrating a target application to an authentication system for
authenticating users of the target application, the method comprising a system administrator
operating a graphical user interface to enter configuration information about a user login
process into a database, the graphical user interface presenting a series of pages of
configuration options to the system administrator, and once the configuration information has
been entered into the database, accessing the configuration information in the database to
conduct the user login process with a user of the target application and using the
authentication system to authenticate the user and to enable the user to access the target
application once the authentication system has authenticated the user.

19. The method as claimed in claim 18, wherein the authentication system is a centralized
authentication system of a business organization, and the target application is in a third-party
web server coupled by a network to the centralized authentication system, and the login
process includes redirection of a user login request from the third-party web server to a
server accessing the database and the centralized authentication system.

20. The method as claimed in claim 18, wherein the configuration database includes
configuration information for configuring a plurality of applications to the authentication
system, the target application transmits a Uniform Resource Locator including an
identification of the target application, and the method includes obtaining the identification
of the target application from the Uniform Resource Locator, and using the identification of
the target application for looking up the configuration information for the target application
from the database.

21. The method as claimed in claim 18, which includes obtaining from the database
configuration information defining an inbound parameter, and receiving the inbound
parameter from the target application.

22. The method as claimed in claim 18, which includes obtaining from the database
configuration information defining a natural language, and using the natural language for
communication with the user during the login process.

23. The method as claimed in claim 18, wherein the server accessing the database and the
centralized authentication system is programmed to obtain from the database configuration
information defining an outbound parameter, and the method includes sending the outbound
parameter to the target application once the authentication system has authenticated the user.

24. The method as claimed in claim 18, which includes the graphical user interface
presenting to the system administrator pages for listing active and inactive target applications
integrated with the authentication system, and pages for creating and editing a selected one of
the target applications.



25. The method as claimed in claim 18, which includes the graphical user interface
presenting to the system administrator pages for selecting a natural language for conducting
the login process, for specifying inbound parameters to be received from the target
application and outbound parameters to be sent to the target application, for configuring at
least one authorization setting, for configuring at least one token, and for selecting an
encryption option for encrypting the token.

26. The method as claimed in claim 25, which includes the graphical user interface 
presenting to the system administrator at least one page for exporting and importing 
authentication integration projects. 

27. A method of using an authentication system for authenticating users of a target
application on a first server, the method comprising maintaining a database of configuration
information about a login process for the target application, and using a second server to
access the database of configuration information to conduct the login process with a user of
the target application and to use the authentication system to authenticate the user and to
issue at least one token to enable the user to access the target application once the
authentication system has authenticated the user, wherein a data network couples the first
server to the second server, and the second server receives a Uniform Resource Locator
including an identification of the target application and uses the identification of the target
application for looking up the configuration information for the login process from the
database.

28. The method as claimed in claim 27, wherein the second server obtains from the
database configuration information defining an inbound parameter, and the second server
receives the inbound parameter from the target application.

29. The method as claimed in claim 27, wherein the second server obtains from the
database configuration information defining a natural language, and the second server uses
the natural language for communication with the user during the login process.

30. The method as claimed in claim 27, wherein the second server obtains from the
database configuration information defining an outbound parameter, and the second server
sends the outbound parameter to the target application once the authentication system has
authenticated the user.

31. A method of integrating a third-party web application to a centralized authentication
system, said method comprising a system administrator using a graphical user interface to
select configuration options from a series of pages to define the login process to be used when a
user logs into the third-party web application, creating an authentication module for the
third-party web application, and storing the configuration information in a database, redirecting a
user login request from the third-party web application to a server containing the
authentication module, and upon receipt of the user login request, the server activating the
authentication module to retrieve the configuration information from the database to conduct
the login process and to use the authentication system for user authentication and then issuing
a token for enabling user access to the third-party web application.